Comments (9)
IAm0x52
commented on July 26, 2024
1
Escalate.
This should be a dupe of #178, since it is the same root cause of CVG cycles length drift.
It also requires that at least 7 days has passed since this update to roll the cycle forward in [L205](https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Rewards/CvgRewards.sol#L205). The result is that the cycle can never be exactly 7 days long and the start/end of the cycle will constantly fluctuate.
#178 (quoted above) describes the result of these longer cycles on LockingPositionService and this issue outlines the impact it has on gauge rewards.
Note: since the requirement on calling checkpoint is that at least 7 days have passed since the last distribution, it would mean that the delta of the checkpoint and the end of the week will gradually decrease every week
This issue describes the exact same root cause behavior of cycles that are too long. Ultimately the root issue is the same and these should be considered dupes.
from 2023-11-convergence-judging.
walk-on-me
commented on July 26, 2024
Hello,
Thanks a lot for your attention.
After a deep review of the issues, we have to consider all of your issues as valid.
We indeed noticed that if we don't synchronize our CvgCycle with the WEEKS, we could have some issues of desynchronization in the long term if the CVG cycle is not triggered immediatly after 1 week.
For example :
- #10 && #193, mention that if the distribution of $CVG occurs just before a WEEK and finished just after, some gauges will have less CVG distributed.
- #14, mention that some user can get some free mgCVG for 1 WEEK less than other users
- #101, mention that in the last cycle of a lock, an user cannot extend his lock during the time between the last WEEK and the nextCvgCycle.
- #136 && #215, mention that in the last cycle of a lock, an user is locked for 1 more cycle than he planned
- #178 , mention that extending a lock can be impossible
- #59 , mention that during the mint of a position, the lock is done for one extra cycle on the veCVG
We are going to implement the solution for all of these issues that is to round our CVGCycle on the WEEK like veCVG is doing.
Regards,
Convergence Team
from 2023-11-convergence-judging.
sherlock-admin2
commented on July 26, 2024
Escalate.
This should be a dupe of #178, since it is the same root cause of CVG cycles length drift.
It also requires that at least 7 days has passed since this update to roll the cycle forward in [L205](https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Rewards/CvgRewards.sol#L205). The result is that the cycle can never be exactly 7 days long and the start/end of the cycle will constantly fluctuate.#178 (quoted above) describes the result of these longer cycles on LockingPositionService and this issue outlines the impact it has on gauge rewards.
Note: since the requirement on calling checkpoint is that at least 7 days have passed since the last distribution, it would mean that the delta of the checkpoint and the end of the week will gradually decrease every weekThis issue describes the exact same root cause behavior of cycles that are too long. Ultimately the root issue is the same and these should be considered dupes.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
from 2023-11-convergence-judging.
nevillehuang
commented on July 26, 2024
@IAm0x52 agree, should be duplicate of #178, given also, the fix implemented for all this issues are the same indicated by sponsor.
from 2023-11-convergence-judging.
10xhash
commented on July 26, 2024
there are scenarios possible where even if week/cvgCycle is synced the rewards distribution issue can occur although at low likelihood ( see #193 )
from 2023-11-convergence-judging.
Czar102
commented on July 26, 2024
Planning to make it a duplicate according to the escalation.
from 2023-11-convergence-judging.
Czar102
commented on July 26, 2024
Result:
Medium
Duplicate of #178
from 2023-11-convergence-judging.
sherlock-admin2
commented on July 26, 2024
Escalations have been resolved successfully!
Escalation status:
- IAm0x52: accepted
from 2023-11-convergence-judging.
IAm0x52
commented on July 26, 2024
Same root cause and fix as #178
from 2023-11-convergence-judging.
Related Issues (20)
- ydlee - A token owner cannot remove one mgCvg delegation when he already delegates to `maxMgDelegatees` addresses.
- chainNue - Allowance is not set to zero first before approving
- cducrest-brainbot - Withdrawing rewards will convert sdt to cvgSDT at any rate
- mahmudsudo - empty array input claims rewards HOT 1
- pontifex - Unexpected revert at the `delegateMgCvg` and `delegateVeCvg` when delegation removal
- pontifex - Users can't receive rewards in the actual `cvgCycle` due to unexpected error HOT 11
- zraxx - When `delegateMgCvg` is used for update or remove, it will be reverted due to improper require checks. HOT 1
- pontifex - Tokens distribution may be broken due to incorrect address verification when depositing tokens HOT 1
- 0xmuxyz - The locked-amount and the voting power can still be increased even after the given `tokenId` of locking position NFT (ERC721) would be burned via the LockingPositionService#`burnPosition()` HOT 1
- CL001 - In the case that the total supply of CVG tokens is insufficient, the last user to claim the rewards will suffer a loss HOT 2
- jah - a malicious user can prevent a user from receiving a delegation
- bitsurfer - Did not approve to zero first issue
- bitsurfer - Possible DoS happening when gauge weight is changing due to underflow of `pt.slope -= d_slope`
- jah - wrong time when increasing the locking time HOT 1
- lemonmon - `LockingPositionService.mintPosition()` problems with duplicate `tokenIds` from `LockingPositionManager` may cause users to lose their funds HOT 3
- qpzm - Out-of-gas error in `CvgERC721TimeLockingUpgradeable.getTokenIdsForWallet` HOT 1
- Inspex - If admin kill a gauge, userβs voting power for that gauge may lost 1 or 2 cycles HOT 1
- hash - Possible loss of unclaimed rewards for long-term frequent stakers
- GimelSec - `SdtStakingPositionService.processSdtRewards` could record the wrong amount of sdt reward.
- jah - wrong calculation which leads to a not being able to function properly HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from 2023-11-convergence-judging.